author | Mystery Man <unknown@mandriva.org> | 2003-05-06 13:11:49 +0000 |
---|---|---|
committer | Mystery Man <unknown@mandriva.org> | 2003-05-06 13:11:49 +0000 |
commit | 3f5d21d90abbd16f16ab69aec1e1a1853a93fd18 (patch) | |
tree | 3d9f5a32303a8d97b4b457949e64bb42b4850ea9 /mdk-stage1/dietlibc/SECURITY | |
parent | 327bd24f8e4291bd1882de1990dd7339f781a9cb (diff) | |
This commit was manufactured by cvs2svn to create tag 'R9_0-AMD64'.
Diffstat (limited to 'mdk-stage1/dietlibc/SECURITY')
-rw-r--r-- | mdk-stage1/dietlibc/SECURITY | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/mdk-stage1/dietlibc/SECURITY b/mdk-stage1/dietlibc/SECURITY new file mode 100644 index 000000000..67debc6e7 --- /dev/null +++ b/mdk-stage1/dietlibc/SECURITY @@ -0,0 +1,13 @@ +The diet libc was written with small code and embedded devices in mind, +not with security for network servers. + +Of course we still try to avoid buffer overflows, but there are some +parts of the code where tradeoffs have been made. This file is meant to +document them. + + 1. The DNS routines do not check whether the answer came from the IP + of the DNS server. The rationale is that people who can sniff the + network to find out the query, source port and DNS sequence number + can also spoof DNS packets to appear to come from the server we + asked, so it does not actually increase security to have that + check. |
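Review bot: the rationale in item 1 only covers an attacker who can sniff the network to learn the query, source port and DNS sequence number; it does not address a sender who cannot see the traffic and has to guess those values. Without the source-IP check such a sender does not need to make packets "appear to come from the server we asked" at all, so the entry should say what a reply is still matched against (the text names the query, the source port and the sequence number) and whether the port and sequence number are unpredictable. Separately, the introduction speaks of "some parts of the code where tradeoffs have been made" but the list has a single entry; either list the other tradeoffs or reword the introduction so readers do not assume the file is complete.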